<?xml version="1.0"?>
<rss xmlns:dc="http://purl.org/dc/elements/1.1/" version="2.0">
  <channel>
    <title>Transition Technology: Ticket #484: Puffin/Aegir SSL options</title>
    <link>http://localhost:8080/trac/ticket/484</link>
    <description>&lt;p&gt;
Per other tickets, SSL setup certs now work (see &lt;a class="closed ticket" href="http://localhost:8080/trac/ticket/478#comment:15" title="task: Import TN.org site from Quince to Puffin (closed: fixed)"&gt;ticket:478#comment:15&lt;/a&gt;), the actual secure redirects within Drupal are still to do. This is a blocker for now...
&lt;/p&gt;
&lt;p&gt;
See:
&lt;/p&gt;
&lt;ol&gt;&lt;li&gt;Backgound: &lt;a class="ext-link" href="http://drupal.org/node/1882112"&gt;&lt;span class="icon"&gt;​&lt;/span&gt;Do I need an extra IP address in order to deploy an ssl certificate?&lt;/a&gt;
&lt;/li&gt;&lt;li&gt;More: &lt;a class="ext-link" href="http://drupal.org/node/1449662#comment-5649764"&gt;&lt;span class="icon"&gt;​&lt;/span&gt;Auto Forward to https with BOA&lt;/a&gt;
&lt;/li&gt;&lt;li&gt;Best option?: &lt;a class="ext-link" href="http://drupalcode.org/project/octopus.git/blob/HEAD:/aegir/conf/override.global.inc#l23"&gt;&lt;span class="icon"&gt;​&lt;/span&gt;Use extra config with new  "/data/conf/override.global.inc/" file&lt;/a&gt;
&lt;/li&gt;&lt;li&gt;(SLOW) Drupal module: &lt;a class="ext-link" href="http://drupal.org/project/session443"&gt;&lt;span class="icon"&gt;​&lt;/span&gt;Carry on using 443 Session&lt;/a&gt;
&lt;/li&gt;&lt;/ol&gt;&lt;p&gt;
What do you think is best, Chris? My vote is for 3, with 4 as backup...
&lt;/p&gt;
</description>
    <language>en-us</language>
    <image>
      <title>Transition Technology</title>
      <url>/trac/chrome/site/TransitionNetwork-Logo-Web-Small.jpg</url>
      <link>http://localhost:8080/trac/ticket/484</link>
    </image>
    <generator>Trac 0.12.5</generator>
    <item>
      
        <dc:creator>chris</dc:creator>

      <pubDate>Tue, 29 Jan 2013 09:07:47 GMT</pubDate>
      <title>hours, totalhours changed</title>
      <link>http://localhost:8080/trac/ticket/484#comment:1</link>
      <guid isPermaLink="false">http://localhost:8080/trac/ticket/484#comment:1</guid>
      <description>
          &lt;ul&gt;
            &lt;li&gt;&lt;strong&gt;hours&lt;/strong&gt;
                changed from &lt;em&gt;0.0&lt;/em&gt; to &lt;em&gt;0.1&lt;/em&gt;
            &lt;/li&gt;
            &lt;li&gt;&lt;strong&gt;totalhours&lt;/strong&gt;
                changed from &lt;em&gt;0.0&lt;/em&gt; to &lt;em&gt;0.1&lt;/em&gt;
            &lt;/li&gt;
          &lt;/ul&gt;
        &lt;p&gt;
Replying to &lt;a class="closed ticket" href="http://localhost:8080/trac/ticket/484" title="task: Puffin/Aegir SSL options (closed: fixed)"&gt;jim&lt;/a&gt;:
&lt;/p&gt;
&lt;blockquote class="citation"&gt;
&lt;ol start="3"&gt;&lt;li&gt;Best option?: &lt;a class="ext-link" href="http://drupalcode.org/project/octopus.git/blob/HEAD:/aegir/conf/override.global.inc#l23"&gt;&lt;span class="icon"&gt;​&lt;/span&gt;Use extra config with new  "/data/conf/override.global.inc/" file&lt;/a&gt;
&lt;/li&gt;&lt;li&gt;(SLOW) Drupal module: &lt;a class="ext-link" href="http://drupal.org/project/session443"&gt;&lt;span class="icon"&gt;​&lt;/span&gt;Carry on using 443 Session&lt;/a&gt;
&lt;/li&gt;&lt;/ol&gt;&lt;p&gt;
What do you think is best, Chris? My vote is for 3, with 4 as backup...
&lt;/p&gt;
&lt;/blockquote&gt;
&lt;ol start="3"&gt;&lt;li&gt;is simply redirecting some http URLs to https, it won't ensure that all authentication cookies are secure, 4. does what is needed, why do you think it's slow?
&lt;/li&gt;&lt;/ol&gt;
      </description>
      <category>Ticket</category>
    </item><item>
      
        <dc:creator>jim</dc:creator>

      <pubDate>Tue, 29 Jan 2013 19:23:42 GMT</pubDate>
      <title></title>
      <link>http://localhost:8080/trac/ticket/484#comment:2</link>
      <guid isPermaLink="false">http://localhost:8080/trac/ticket/484#comment:2</guid>
      <description>
        &lt;p&gt;
4 would be slower than the other options because 3) happens when settings.php (and the global.inc, then override.global.inc) are loaded very early in Drupal's bootstrap. 4 needs a module, which requires lots more files to be loaded and run before the relevant hooks are run.
&lt;/p&gt;
&lt;p&gt;
I've added Session 443 back to the platform, and we'll go with that (option 4).
&lt;/p&gt;
&lt;p&gt;
The code required in our tn.org settings.php looks like this:
&lt;/p&gt;
&lt;pre class="wiki"&gt;# chris
# https://www.transitionnetwork.org/admin/help/session443
  if (!empty($_SERVER['HTTPS']) &amp;amp;&amp;amp; $_SERVER['HTTPS'] != 'off') {
    ini_set('session.cookie_secure', 1);
  }
&lt;/pre&gt;&lt;p&gt;
Which is simple, but I see this commit referring to issues with Drupal e-commmerce stuff: &lt;a class="ext-link" href="http://drupalcode.org/project/barracuda.git/commit/dfa3536"&gt;&lt;span class="icon"&gt;​&lt;/span&gt;http://drupalcode.org/project/barracuda.git/commit/dfa3536&lt;/a&gt; -- not a problem now, but when the Transition Network shop opens we would need to have a better alternative.
&lt;/p&gt;
&lt;p&gt;
Since &lt;a class="closed ticket" href="http://localhost:8080/trac/ticket/487#comment:2" title="defect: robots.txt files for development sites (closed: fixed)"&gt;ticket:487#comment:2&lt;/a&gt; needs me to add some code to override.global.inc, I can probably add this at the same time.
&lt;/p&gt;
      </description>
      <category>Ticket</category>
    </item><item>
      
        <dc:creator>chris</dc:creator>

      <pubDate>Tue, 29 Jan 2013 19:58:10 GMT</pubDate>
      <title></title>
      <link>http://localhost:8080/trac/ticket/484#comment:3</link>
      <guid isPermaLink="false">http://localhost:8080/trac/ticket/484#comment:3</guid>
      <description>
        &lt;p&gt;
Replying to &lt;a href="http://localhost:8080/trac/ticket/484#comment:2" title="Comment 2 for Ticket #484"&gt;jim&lt;/a&gt;:
&lt;/p&gt;
&lt;blockquote class="citation"&gt;
&lt;p&gt;
I've added Session 443 back to the platform
&lt;/p&gt;
&lt;/blockquote&gt;
&lt;p&gt;
Thanks, the secure flag does need setting on the authentication cookie.
&lt;/p&gt;
      </description>
      <category>Ticket</category>
    </item><item>
      
        <dc:creator>jim</dc:creator>

      <pubDate>Tue, 29 Jan 2013 20:55:45 GMT</pubDate>
      <title></title>
      <link>http://localhost:8080/trac/ticket/484#comment:4</link>
      <guid isPermaLink="false">http://localhost:8080/trac/ticket/484#comment:4</guid>
      <description>
        &lt;p&gt;
Replying to &lt;a href="http://localhost:8080/trac/ticket/484#comment:3" title="Comment 3 for Ticket #484"&gt;chris&lt;/a&gt;:
&lt;/p&gt;
&lt;blockquote class="citation"&gt;
&lt;blockquote class="citation"&gt;
&lt;p&gt;
I've added Session 443 back to the platform
&lt;/p&gt;
&lt;/blockquote&gt;
&lt;p&gt;
Thanks, the secure flag does need setting on the authentication cookie.
&lt;/p&gt;
&lt;/blockquote&gt;
&lt;p&gt;
Per &lt;a class="closed ticket" href="http://localhost:8080/trac/ticket/487#comment:3" title="defect: robots.txt files for development sites (closed: fixed)"&gt;ticket:487#comment:3&lt;/a&gt;, I've now set this for all our sites on all platforms via /data/conf/override.global.php
&lt;/p&gt;
      </description>
      <category>Ticket</category>
    </item><item>
      
        <dc:creator>jim</dc:creator>

      <pubDate>Tue, 29 Jan 2013 23:33:00 GMT</pubDate>
      <title>status changed; resolution set</title>
      <link>http://localhost:8080/trac/ticket/484#comment:5</link>
      <guid isPermaLink="false">http://localhost:8080/trac/ticket/484#comment:5</guid>
      <description>
          &lt;ul&gt;
            &lt;li&gt;&lt;strong&gt;status&lt;/strong&gt;
                changed from &lt;em&gt;new&lt;/em&gt; to &lt;em&gt;closed&lt;/em&gt;
            &lt;/li&gt;
            &lt;li&gt;&lt;strong&gt;resolution&lt;/strong&gt;
                set to &lt;em&gt;fixed&lt;/em&gt;
            &lt;/li&gt;
          &lt;/ul&gt;
        &lt;p&gt;
SSL works now...
&lt;/p&gt;
&lt;ul&gt;&lt;li&gt;Cert is correct
&lt;/li&gt;&lt;li&gt;Redirects to HTTPS in login/logged in and other important pages
&lt;/li&gt;&lt;li&gt;Works like current site as far as my tests show: forces HTTPS when logged in, and not when not.
&lt;/li&gt;&lt;/ul&gt;&lt;p&gt;
Note due to way settings.php is set up, the warning on Drupal's status page shows despite my work over on &lt;a class="closed ticket" href="http://localhost:8080/trac/ticket/487" title="defect: robots.txt files for development sites (closed: fixed)"&gt;#487&lt;/a&gt;:
&lt;/p&gt;
&lt;blockquote class="citation"&gt;
&lt;p&gt;
443 Session        settings.php
Settings.php is not setup correctly. With the current configuration of 443 Session module, the following lines must be in settings.php.
&lt;/p&gt;
&lt;blockquote&gt;
&lt;p&gt;
if (!empty($_SERVER&lt;a class="missing wiki"&gt;HTTPS?&lt;/a&gt;) &amp;amp;&amp;amp; $_SERVER&lt;a class="missing wiki"&gt;HTTPS?&lt;/a&gt; != 'off') {
&lt;/p&gt;
&lt;blockquote&gt;
&lt;p&gt;
ini_set('session.cookie_secure', 1);
&lt;/p&gt;
&lt;/blockquote&gt;
&lt;p&gt;
}
&lt;/p&gt;
&lt;/blockquote&gt;
&lt;p&gt;
}
&lt;/p&gt;
&lt;/blockquote&gt;
&lt;p&gt;
The above is caused by the module dumbly scanning settings.php with a regexp in session443_requirements() in its .install file. I've raised a &lt;a class="ext-link" href="http://drupal.org/node/1902540"&gt;&lt;span class="icon"&gt;​&lt;/span&gt;ticket on Drupal.org&lt;/a&gt;.
&lt;/p&gt;
&lt;p&gt;
Closing this for now, unless Chris wants to add anything?
&lt;/p&gt;
      </description>
      <category>Ticket</category>
    </item>
 </channel>
</rss>